Back to All Scenarios
PASSEDnetwork / stp_loop
Spanning Tree Loop — BPDU Guard Violation
A user plugs a personal switch into an access port configured with BPDU Guard. The switch sends BPDUs, triggering err-disable on the port and a topology change notification across the network.
Pattern
STP_LOOP
Severity
CRITICAL
Confidence
92%
Remediation
Remote Hands
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | STP_LOOP | STP_LOOP | |
| Severity Assessment | CRITICAL | CRITICAL | |
| Incident Correlation | Yes | 48 linked | |
| Cascade Escalation | Yes | Yes | |
| Remediation | — | Remote Hands — Corax contacts on-site support via call, email, or API |
Scenario Conditions
Core switch running RSTP. Access port with BPDU Guard enabled. User connects a consumer switch that sends BPDUs. Topology change notification propagates.
Injected Error Messages (3)
STP topology change notification received on Core-SW1, root bridge change detected, BPDU Guard triggered err-disable on Gi0/24 of Access-SW3
spanning tree loop detected — port Gi0/24 err-disabled due to BPDU received from unauthorized device, STP reconvergence in progress
STP loop causing intermittent connectivity loss to branch office VPN gateway, topology change notification count: 47 in last 60 seconds
Neural Engine Root Cause Analysis
A Spanning Tree Protocol (STP) loop has been detected in the network infrastructure. A root bridge change occurred, causing STP topology instability, which triggered BPDU Guard on port Gi0/24 of Access-SW3, placing it in err-disabled state. This network disruption has cascaded to cause SNMP monitoring failures on Core-SW1, and likely affects the 18 correlated incidents, indicating widespread network connectivity issues stemming from the STP topology change.
Remediation Plan
1. Immediately investigate the root bridge change - identify what caused the original root bridge to fail or become unavailable. 2. Re-enable the err-disabled port Gi0/24 on Access-SW3 using 'shutdown' followed by 'no shutdown' commands after confirming no physical loop exists. 3. Verify STP topology has stabilized and root bridge is in expected state. 4. Check all switch interconnections for physical issues, loose cables, or failed links. 5. Review STP configuration across all switches to ensure proper root bridge priority settings. 6. Monitor SNMP connectivity restoration on Core-SW1 after network stability is achieved.
Tested: 2026-03-30Monitors: 3 | Incidents: 3Test ID: cmncjc4by0071obqekaqeloh7